The Data Protection Act 1998 (“the Act”) came into force in 2000 with the aim of protecting individuals in relation to the processing and communication of personal data. The Act sets out eight principles which must be complied with by anyone who collects, uses or stores personal information in any way. The Act also gives rights to individuals, for example, to find out what personal information is held about them. If an individual feels that the eight principles are not being complied with or that a request for details of what personal information is being held about them has not been met, they can complain to the Information Commissioner (ICO).
The ICO has various powers, including the ability to serve enforcement notices and conduct assessments. It has however been difficult to impose any meaningful penalties on even those committing the most outrageous breaches of the Act. The Government has therefore recently consulted on the proposal for the ICO to be able to issue financial penalties for a breach of the Act.
It is expected that as from April 2010, the ICO will have the power to fine organisations which have committed serious breaches of the Act up to £500,000. The ICO has produced guidance on the issue of monetary penalties which sets out how this new power will be used. However, definite approval of this power has not yet been given.
Due to the threat of hefty fines, it is increasingly important to ensure compliance with the Act. As well as ensuring compliance on a routine basis, organisation should also consider data protection issues if they become involved in a commercial transaction, such as a sale of a business. Depending on the transaction, protected information may be requested during negotiations or during the due diligence stage. Other considerations arise on completion, if protected information is being transferred from one company to another.
If you require any advice on the issues raised in this article, please do not hesitate to contact James Tarling by telephone on 01603 598000 or alternatively by email to jtarling@steeleslaw.co.uk.